
Ant writes "The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats."

"He argued that antivirus companies have tried to use common names for malware that they find..."

No they haven't.

"It's hard for users...Because anti-malware vendors are also competitors, they have little incentive to work together on normalizing names and detection techniques, he pointed out...Because of the way that the industry works, you can't work around them too well."

That's why.

"In short: is there a problem with the user confusion over threat tables like these? Most definitely..."

Most definitely not. Windows users have no idea about 'threat tables' or what the hell's going on, except that their antivirus program is blinking red and making noises and they have to keep clicking "yes" or "OK" to make it better.

"'Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges,' said Tom Kelchner, Sunbelt Research Center manager. 'What one company detects and identifies as a specific, named piece of malcode, another may detect generically.'"

The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites.

"'Comparing the monthly statistics from different anti-virus companies is truly comparing apples and oranges,' said Tom Kelchner, Sunbelt Research Center manager. 'What one company detects and identifies as a specific, named piece of malcode, another may detect generically.'"

The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites.

Good to know. Now I know which AV vendor I'll be choosing in the future.

Sure you can. How do you think I managed to get first post? But my comment was not visible for 10 minutes. It was visible for 8 seconds between the time I posted it and the time I read his reply. Not long enough. This fine article, as of the time I clicked reply, still doesn't have a second thread under it. He's a script.

The writer could conceivably have seen the story in the firehose, thought this one will make the front page, copied and pasted the story into a text editor and composed their message, then had it ready to post. When the article with your reply came live, they posted within 8 seconds, with a more cogent response than your initial first post as they had time to work on a first reply. This is also suggested by the post referencing the story but not your post.

Windows users have gotten smart about updating, people know better than to take ActiveX downloads from free porn sites, and people have wised up about trusting what they get from P2P. All sources are now seeing lower virus rates

And how much of that is caused by the bad practices of places like Worst Buy? As a PC repairman I get a lot of Best Buy and Staples machines across my desk, and the default settings these bunches use are just terrible. They ALL have Automatic Updates for Windows turned off, most haven't had so much as a single patch since they came from the factory, the only "protection" they have is a shitty 30 day crapware AV install, and some even have the firewall DISABLED by default! WTF?

This is why education is so important and the idea that a computer is simple is bad. People buy devices that are as powerful as supercomputers were 15 years ago and expect them to be as simple as a toaster. So they end up giving vast amounts of computing power and network bandwidth to criminals.

As for Best Buy -- just an example of how easily a fool and his money are parted. I recall reading an article about how many people just buy a new cheap PC after theirs is infected. Of course, current security practice

This is why education is so important and the idea that a computer is simple is bad.

No, this is why the current monopoly general-purpose OS is such a bad idea.

If formats, protocols, APIs etc are open, then simple computers can be used for simple tasks. The hardware industry is trending in that direction with products that are cheap, functional and simple, like the Freescale Tablet.

A device like that could be made safe, reliable and uncomplicated given the right software selection. People who don't wan

No, this is why the current monopoly general-purpose OS is such a bad idea.

Yeah, because Best Buy would harden Linux if they sold it in any numbers.

I don't know if you are the same guy, but I've seen the call for open OS a crapload in the comments on this article. Yet, I've seen nothing that indicates this wouldn't happen as bad (or worse) with Linux or some other currently existing OS that is "open". The only thing saving them now is the fact that the number one OS is such an easy target. Whether it's easy

Hairyfeet is a Microsoft apologist. He's always on hand to invent excuses for Microsoft's failings.

As any shopper will tell you, your computer comes from the reseller in a box from the manufacturer, and generally has a standard pre-install image ready to run. I've never seen any modification of settings, just the usual crapware installed.

Oh give me a fucking break! Lord save us from paranoid Linux users!! For your info I have said on here about a bazillion times that Steve Ballmer is probably the shittiest fortune 500 company CEO ever, and have been more than happy to list their many failings (RRoD, Zune, no DX10/11 for XP, Vista) but quit trying to be paranoid and blame everything on 'teh evils M$!" okay?

And no shit they come with a default image, so do all the off lease office equipment I sell. You know what? I take a whole 2 minutes to r

Oh believe me pal, I can share some Worst Buy horror stories. The last shop I worked for (Now I do mostly SOHO and SMBs and the only home users are brought to me by word of mouth) was the "go to" place for those poor souls that went to Worst Buy.

Here are just a few that I can remember off the top of my head: One guy went in with a nearly $500 graphics card, came out with a $50 one, which of course when I told him and he went screaming to Worst Buy said "You can't prove you had a decent card in there". Folk

Can you point me to some malware that does so little, that it can remain undetected by a fairly savvy computer user? I'm serious here - there's always a troll in these threads that makes the comment you just made. However, in my experience, I've never run into malware which was "stealth". Its entire purpose is to send mail, pop up ads, and propagate. All of that is damn easy to spot if you're reasonably well versed in how your computer normally runs.

Can you point me to malware that engages in only spurious network activity? All that I've seen are either mass mailers, which is pretty easy to spot, or ad-based, which by definition need to be visible. I've never seen malware that sent out an email an hour, only when the network was active.

(I've also never heard of one which modifies the blinkenlights on my router and modem. If I'm not using the internet, and they are flickering away, that'd be a problem.)

The real risk does not come from pop-up ads, a changed browser or porn links on a desktop. Nor does it come from formatting hard disks or constantly rebooting. The dangerous thing would be rootkits that hide, remain unseen, log your keystrokes, log your internet traffic etc. and send them to a business rival. They could be buried deep in network traffic, for instance in DNS requests. In contrast to the usual "open some ad windows on the user's screen" malware, in this case remaining unseen is crucial.

That's not malware. That's a targeted attack. We're talking about garden-variety, drive-by download, infected porn site malware here. We're talking about flies, you're talking about a unicorn.

Hidden software that logs keystrokes and sends the results off to a remote system has a lot of value. It doesn't need to only hit a targeted system. When they see results like:

Everyone's always touting the benefits of competition, but here's a clear example of competition serving to confuse the market. There are a number of problems:

1) Antivirus solutions do not co-exist - and not just the resident portion. I'd love to run a second or 3rd scanner like I can for spyware but Antivirus vendors have created a market that is used to the worst kind of lock in. Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issues but I'm also sure they're not insurmountable.

2) Antivirus vendors are now trying to police what you can and can't do. Look at the numerous reports of false positives for programs that are legally grey (or black) but aren't viruses. I've personally had network tools come up as false positives and it's a pain to unquarantine and exclude them so they don't quarantine themselves again.

3) The main form of collusion between vendors seems to be fitting into Microsoft frameworks so they show up as antivirus software in the appropriate control panel and so you don't get warnings about invalid or out of date antivirus. But this in itself makes them more vulnerable to attack

4) The products are often so badly written that they cause as many problems as they solve. A bad update here or there can (and has in the past) caused irrevocable system damage that has required a reinstall or restore from backup for users. What's the point of an antivirus that does this? Worse, I've seen much subtler performance problems from minor antivirus updates - in one case it brought a company I worked for's client's machines to their knees and initially they blamed us. Turns out a change in the engine meant very big files were being opened and re-scanned for every write. Needless to say it wasn't our fault.

5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?

Isn't competition supposed to improve such things and open up the market? In this case it just hasn't happened. There has been implicit collusion but not of the right sort to improve or provide a diverse range of products. There's not one product that will protect you well.

I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl. I don't even want to touch a computer with Norton + McAfee. Back when I used Windows my solution was to have adblock, spybot, AVG and Clamwin and then just scan any programs I downloaded (along with not downloading seedy looking programs). It worked pretty well. If I did have any viruses, none of them were noticeable (and my monthly+ scans never picked anything up). I think the need for constantly running virus scanners is seriously overstated, at least for people who know not to run HorseSex.exe.

I'm guessing the reason you can't use multiple resident scanners is that just one will bring your system to a crawl.

I wrote: and not just the resident portion

I think the need for constantly running virus scanners is seriously overstated, at least for people who know not to run HorseSex.exe.

I got drive-by downloaded 2 days ago. My antivirus didn't pick it up, but fortunately my firewall did (which prevented further virus downloads). I was looking for books on photography (regular non-sexual photography) and

Everyone's always touting the benefits of competition, but here's a clear example of competition serving to confuse the market.

No, this is a clear example of a monopoly creating a market repairing broken Windows. That's why it seems confusing.

Consumers shouldn't be facing a choice of ineffective bandaids to patch over their computers' inability to keep malware out. They should be able to choose a computer/OS that is inherently resistant.

For computer users, this is a Red Queen's race, and Windows users have to keep paying and stay vigilant just to retain a semblance of control of their own machines. The real solution is to mandate open formats, APIs, and protocols, then let any OS vendor compete on level terms. When consumers can select an OS that suits them, including the level of security they wish to pay for, we will have competition. Only then will OS vendors have to improve their products to retain customers.

Consumers CAN select the OS that suits them; it just happens that Windows is that OS. Linux advocates always claim Linux can do everything that Windows does, so why aren't people leaving Windows for Linux in droves?

It's a self-sustaining monopoly out there. How can you talk about some abstract choice if for a majority of people PC=Windows? And you can't really blame people here: all they see is Windows, on every shelf in every computer store. Exclusive per-CPU deals led to a situation where OEMs pay the same to Microsoft no matter how many OSes they offer, so they usually offer one because it's cheaper that way. What choice do consumers really have if they don't know about Linux? Windows vs. overpriced Apple computers

No, this is a clear example of a monopoly creating a market repairing broken Windows. That's why it seems confusing.

Irrelevant. That there's a monopoly on the OS doesn't have anything to do with the software that runs on it. We had a monopoly of petrol cars in the US for the longest time. Sure, that meant that the diesel Mercedes didn't sell here, but the competition between the petrol car makers was real. And that competition worked the way it was supposed to.

- User boots live-cd
- Some malware gets executed and stays in RAM (by user interaction or not)
- Malware reflashes the EEPROM holding the BIOS with some malicious code
- On next boot BIOS will store some malicious code in memory and does something very clever that makes the OS on the liveCD execute that code

The game console makers prevent the attack just by requiring all executables to have been signed by the console maker and putting a policy in place that software from a one-man outfit won't get signed.

The game console makers prevent the attack just by requiring all executables to have been signed by the console maker and putting a policy in place that software from a one-man outfit won't get signed.

Which can still be defeated by exploiting bugs in approved software. The effect is more to restrict who can write for the platform. Even to attempt to control what the owner can do with their machine.

No, there certainly is such a thing. I hate to be one to preach how great Mac and Linux are, but they are 'Inherently resistant' (Combination of obscurity and the lack of the porosity leading weak points to be mainly the user, and even then defending him/her from his/herself). There is a huge difference between that and immunity though.

You are aware that the great majority of Windows malware in the last 5 or 10 years has been taking advantage of either the weak point between the keyboard and the chair or unpatched client software to install and spread?

The vast majority of said windows malware actually takes advantage of the user combined with the fact that user typically runs all his code as an admin.. Unix/Mac don't give you elevated privileges by default, and provide a well understood mechanism by which you can elevate your privileges which *should* make you think...

There is also worm type malware which attacks open network services, windows ships with several services on by default, even on a workstation install, which cannot easily be turned off and

As an extension to the above, the windows mentality of downloading and executing binary installers from websites lends itself to malware

It's not just the Windows mentality. Mac OS X has the same mentality of downloading a disk image from a site and dragging the .app bundle to the Applications folder. Likewise, if Linux ever gets widespread, it will likely have the mentality of adding a software publisher's repository to a machine's software sources and installing software that way.

The point is that [well-known companies' software repositories] are at least cryptographically signed.

If a malware publisher can buy an Authenticode certificate for $200 per year, what makes you think these repos won't get signed in a way that the less-trained user is likely to trust?

And even if Linux was very popular, most people's everyday requirements would be preinstalled as part of the distro defaults or met from the distro's repos, or the signed trusted repos of large companies like Adobe.

So in other words, developers have to get their software published by either a distro (if free) or a large company (if non-free). But independent video games, for instance, can't go in the distro's repos because making the program and its data free or freely distributable, as required by the distro, would compromise the busines

windows ships with several services on by default... [snip]... Linux/Mac ships with virtually nothing listening by default

So they are the same then, right? You would not have qualified "nothing" with "virtually" if you knew that you could get away with it (like if it was true).. so we have you using liberal language on one side and conservative language on the other, to say the exact same thing. Why is that?

Moving on:

... which cannot easily be turned off and are usually just hidden behind a software firewall... [snip]... anything that is listening can be turned off and a software firewall (if you choose to enable one) provides an extra level of security on top of that

Oh look, you did it again.

Why are you so disingenuous?

The fact of the matter is that it is Windows users who are the big problem and if 2010 was the year of Linux, you can damn well expect 2011 to

I say "virtually" because I did not have any straight default installs at my disposal to verify..

Also there are too many different Linux distributions to say with absolute certainty... A default install of Gentoo (having followed the standard install guide) has nothing listening on the network by default for instance... Also the Ubuntu machine I have here only seems to have sshd and cupsd listening on the network, and I explicitly enabled those services. A tailored Linux distro designed to perform a specific

The vast majority of said windows malware actually takes advantage of the user combined with the fact that user typically runs all his code as an admin.. Unix/Mac don't give you elevated privileges by default, and provide a well understood mechanism by which you can elevate your privileges which *should* make you think...

Such elevation can also be applied on a per program basis. If there is an equivalent of setuid/sudo/etc in Windows it doesn't appear to be that well understood. To the point where "give th

If there is an equivalent of setuid/sudo/etc in Windows it doesn't appear to be that well understood.

My understanding is that it is automatic. That is, if the program is written right, you are logged in as user, and when something needs root, it pops up and states it's needed and asks for that permission. And for things that aren't smart enough to ask (older programs), you can right-click and run-as admin. I'm not set up right now to test this, but hopefully someone out there can check this on Vista or

1) Antivirus solutions do not co-exist - and not just the resident portion. I'd love to run a second or 3rd scanner like I can for spyware but Antivirus vendors have created a market that is used to the worst kind of lock in. Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issues but I'm also sure they're not insurmountable.

I decided on one paranoid night to try to do just that. I found that for the most popular free solutions (AVG, Avast, Avira) you can install them side-by-side and narrowed it down to just one resident scanner running. You either have to find the hidden option in the menus, disable the start-up entries, or just opt not to install them during setup. I was able to safely ignore the warnings about having other AV products installed during the various setups.

6) Vendors appear to put more effort into making their user interface "pop" rather than trying to minimize resource usage and system impact. For example, Microsoft antivirus creates a system restore point every time the signatures are updated (once a day). Every time a system restore point is created my system becomes barely unusable for a couple of minutes. You can't control when it updates the signatures (currently for me it's around 23:20). Which brings me to:

5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?

How about a (latin/greek) Biological-like [wikipedia.org] naming system. After all, it works for biology and many (computer)viruses are derived from earlier versions of those viruses, so we could have actual hierarchies.

So you could have a name such as: "userus.dumbus.clicktus.pornolinkus.diabolicus"

Of course after the latin name we could come up with a "common" name - based on the name of the unfortunate tech who had the displeasure to remove it first.

2) Antivirus vendors are now trying to police what you can and can't do. Look at the numerous reports of false positives for programs that are legally grey (or black) but aren't viruses.

They don't even have to be questionable. VNC manages to generate plenty of false positives, IME.

4) The products are often so badly written that they cause as many problems as they solve. A bad update here or there can (and has in the past) caused irrevocable system damage that has required a reinstall or restore from bac

Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats.

This is why I have to run 6 different scanners: because there isn't one that detects all the threats. I currently run 2 antivirus programs along with SpyBot, SuperAntiSpyware, Windows Defender, and Malwarebytes' Anti-Malware.

That's too much shit running for me, though I agree with you - no one scanner is God's answer...
I gave up and just do good backups and run MSE. I've implemented a Don't Click That policy with my wife and 2 kids, so far I've dodged the bullet.

"This is why I have to run 6 different scanners: because there isn't one that detects all the threats. I currently run 2 antivirus programs along with SpyBot, SuperAntiSpyware, Windows Defender, and Malwarebytes' Anti-Malware."

And yet, people insist that Windows is user friendly. More so than other operating systems, even.

If you don't engage in risky behavior you don't have to worry so much.

Really?

Researchers Hijack a Drive-By Botnet.
They found more than 6,500 websites hosting malicious code that redirected nearly 340,000 visitors to malicious sites. Drive-by downloading involves hacking into a legitimate site to covertly install malicious software on visitors' machines

"Once upon a time, you thought that if you did not browse porn, you would be safe," says Giovanni Vigna, a UCSB professor of computer science and one of the paper's authors. "But staying away from the seedy places on the Internet is no longer an assurance of staying safe."

Warez doesn't typically come with malware, if anything pirate copies of various things often have malicious (defined as doing something detrimental to the user or his machine) code such as drm schemes removed.

I have done many incident response jobs, where one or more machines inside a company becomes infected with something that the av they subscribe to fails to detect, and it falls upon me to investigate the infection. Very few of these machines have any warez on them, or evidence of trying to view things

If you don't engage in risky behavior you don't have to worry so much. For example, paying for all your software should be enough

Whom should I pay for Firefox and GNU Image Manipulation Program? But seriously, my aunt got drive-by-downloaded twice, both times by fake antivirus software, and she spends most of her time in Facebook. I didn't know Facebook had mandatory fees. The first time it happened ("System Security"), I was able to boot into safe mode and run MalwareBytes Anti-Malware, but this time ("Advanced Virus Remover", apparently a newer version of the same threat), safe mode just causes the computer to restart during boot.

1 grab a USB >PATA|SATA cable and a good screwdriver
2 pop the case on her computer and pull out the hard drive
3 use the cable to mount her hard drive on your computer
4 scan her drive on "NSA Paranoid" level (you may of course want to do a scandisk on it first)
5 backup her hard drive after it has been cleaned
6 replace her harddrive boot it and pray

For personal reasons that I would prefer not to disclose on Slashdot, she wants to pinch every penny from this fix; otherwise, she would have already taken the computer into a local repair shop. At this minute, without access to ask her, I'll assume that she'll tell me that she can't afford to buy a USB enclosure for this fix.

4 scan her drive on "NSA Paranoid" level (you may of course want to do a scandisk on it first)

My primary computer is a laptop that runs Ubuntu 9.10; her computer runs Windows XP Professional. Ubuntu won't mount an uncleanly unmounted NTFS without a special flag; even then, I ha

OK. But you can mount and read her files. So get some USB sticks and copy her files over to them. Then reformat the disk.

Yeah, it's a pain, and a lot of work. But it's a way forwards. Then, if the computer has enough power, install ubuntu and INSIDE it a virtual machine into which you install MSWind and any applications that she needs. Don't allow the virtual machine access to the internet.

I'm sure there are other ways forwards, and I don't know all the details, but this should work, though it would b

Get an iPhone. Seriously. Requiring signed and approved applications along with a mechanism to withdraw applications is the only feasible way I can see to somewhat secure a computer. Plus, http and smtp must die, instead requiring https and some better mail protocol with encryption and signatures.

Certificates should be issued by government, by the way. Preferably at a cost that will cover a reasonable identification procedure for the certificate holder. And I realize this raises a lot of issues with regards

Is the problem that bad, or is this just the latest version of Chicken Little? I use Avast! Antivirus, Malwarebytes, Spybot and Comodo's firewall. They update and scan each night when I'm not at the computer (which is on 24-7, by the way, and has been for more than five years). I've never had a virus or any serious malware infestation. Never. A few tracking cookies, the occasional inactive trojan and the like are invariably sacrificed at the nightly slaughter.

If that's true you either REALLY need Windows or are plain masochistic. I haven't used Windows for years now, but I still remember how a scanner trashes the hard disk and slows the whole system beyond acceptable for some hours. With six scanners it would take a whole day to run them through your disk once.

I pay $24.95 a month in antivirus updates for my $449.98 netbook. I do a deep scan one day a month just to be on the safe side and I manage to keep infections down in the double digits. But what else can I do? Macs are too expensive and Linux just requires too much time.

Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats.

Doesn't make sense to me. I mean, if Schemester Antivirus wants to identify a threat that is "not the same" as the one Flybynight Computer Security wants to identify, wouldn't one expect them to use different names?

That's like saying Ford calls its car Fiesta, while Toyota calls its car Tazz, but they are not the same car. (To include the obligatory car analogy.)

Just wanted to make a comment regarding anti-virus/malware vendors and how they co-operate with each other. Recently I took on some Sophos training for work - Sophos makes security software which includes (among other things) anti-virus.

From what I was told, they DO work with other AV vendors in one particular situation: samples. If a new virus/trojan/nasty is detected by any vendor in a partnership of vendors, they will provide a sample to others, but won't tell them their detection algorithms. That way th

"I use Linux. It's true that there are some viruses for Linux, it's just that I haven't ever had one."

Do you understand the difference between a Virus, and Spyware, Malware, Worms, and Root Kits? This idea you have is a mirage. Linux boxes have multiple serious security flaws, as all our systems do today. The idea peddled by some is that one side is immune, while the other is an open doorway. I'd really rather people talked sensibly with a realisation that our curren

Linux has a significantly higher proportion of the server market however, and is dominant in the supercomputer market... The areas where Linux is strong are generally more useful to a hacker, as the systems are more likely to be running 24/7 and have access to far more bandwidth. So yes, Linux is very much a target and has plenty of people working to find ways onto Linux machines.

The people with the most computing power on the planet right now are Russian hackers (some of the botnets are estimated to total 4+ million machines)

Supercomputers are yesterday's news. These botnets put them to shame on nearly every metric. The idea that you mentioned them as an important target is laughable, because even if hackers got in.. they would get noticed rather quickly even if nobody is watching for it when that 7 hour job instead takes 14.

Linux is too fragmented. Get 20 million Ubuntu Karmic users (or whatever) and you'll see some malware. Of course, if you see much Linux malware crop up, then you'll see some userspace tools for SElinux... or such is my hope.

You are super pessimistic. There are more than 2 billion Linux machines out there and pretty much every Windows home user has a dinky little Linux based modem and firewall thingy for his desktop to hide behind. Linux devices are much more prevalent than Windows devices.
Windows is only dominant if you define the market segment so narrowly that it is the only thing that fits...

That's a pretty unfair comparison for this discussion. If you run Windows with just a service like a firewall then it too is pretty secure. It is only when you start installing more complicated programs to read emails, browse the web and load office documents that it starts to become vulnerable to viruses.

Out of that 2 billion Linux machines, how many are used as interactive user workstations (ie desktop & notebook clients)?

It matters.

Servers are usually administered by someone who knows something about what they're doing. Consumer appliances are often not administered at all - but that's fine, because their software loadout comes with everything they will ever need and any updates come as a "whole system software replacement" from the manufacturer. An appliance's small functional set compared to a gener

I know of no one outside of a Google employee that runs Linux on any device they own.

None of the non-tech savvy have a Linux based router, and the tech-savvy people I know that use something custom use a BSD.

I've yet to come across a Linux based WAP or router in the real world.

Many consumer network appliances do run Linux, but don't advertise it. What operating system a device uses is meaningless to most end users, and many devices don't have a published method of changing the software running on the devic

There are more than 2 billion Linux machines out there and pretty much every Windows home user has a dinky little Linux based modem and firewall thingy for his desktop to hide behind.

Many might run Linux, but many use closed source embedded operating systems. The vendors would easily switch to something else. For example, I believe Linksys switched from Linux to VxWorks in one model because they could get away with including less memory.